Overview

overview

10

Static

static

0ff038b876...f7.exe

windows7_x64

10

0ff038b876...f7.exe

windows10_x64

3

Analysis

  • max time kernel
    147s
  • max time network
    100s
  • platform
    windows10_x64
  • resource
    win10v200430
  • submitted
    14/07/2020, 12:09

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    0ff038b8766060a9271421332d144e11a9d2c7001375551dae3f3c195a33fbf7.exe

  • Size

    557KB

  • MD5

    b6208e7fb38b62395df0e67eaa2d1396

  • SHA1

    890f78b07e048833ef23a23c85774ad81fd62cca

  • SHA256

    0ff038b8766060a9271421332d144e11a9d2c7001375551dae3f3c195a33fbf7

  • SHA512

    d2ec681c166ab436761c8a762ec8eb9270f6322d5627c0784aabb19b3d5822b202baafa7320548275c8071d96169b40ee784fab8f8f39214f129daca65ccd670

Score
3/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 13 IoCs
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0ff038b8766060a9271421332d144e11a9d2c7001375551dae3f3c195a33fbf7.exe
    "C:\Users\Admin\AppData\Local\Temp\0ff038b8766060a9271421332d144e11a9d2c7001375551dae3f3c195a33fbf7.exe"
    1⤵
      PID:3768
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 916
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious behavior: EnumeratesProcesses
        • Program crash
        PID:2196

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/2196-0-0x0000000004590000-0x0000000004591000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2196-1-0x0000000004590000-0x0000000004591000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2196-3-0x0000000004690000-0x0000000004691000-memory.dmp

            Filesize

            4KB

            Download